[Freeipa-users] freeipa authentication token manipulation error

Rakesh Rajasekharan rakesh.rajasekharan at gmail.com
Mon Jan 12 17:55:16 UTC 2015 

This is the full log,

Jan 12 17:45:15 10-5-68-5 sshd[29753]: pam_sss(sshd:account): User info
message: Password expired. Change your password now.
Jan 12 17:45:15 10-5-68-5 sshd[29753]: Accepted password for hq-testuser
from 10.5.68.184 port 54048 ssh2
Jan 12 17:45:16 10-5-68-5 sshd[29753]: pam_unix(sshd:session): session
opened for user hq-testuser by (uid=0)
Jan 12 17:45:16 10-5-68-5 passwd: pam_unix(passwd:chauthtok): user
"hq-testuser" does not exist in /etc/passwd
Jan 12 17:45:35 10-5-68-5 passwd: pam_unix(passwd:chauthtok): user
"hq-testuser" does not exist in /etc/passwd
Jan 12 17:45:41 10-5-68-5 passwd: pam_sss(passwd:chauthtok): Password
change failed for user hq-testuser: 22 (Authentication token lock busy)
Jan 12 17:45:43 10-5-68-5 sshd[30329]: Received disconnect from 10.5.68.184:
11: disconnected by user
Jan 12 17:45:43 10-5-68-5 sshd[29753]: pam_unix(sshd:session): session
closed for user hq-testuser


>> Does it happen for all users or only users that you migrated?
Yes it happens for all, I created a new user ( hq-testuser) is  a fresh one
that I created.

I found a workaround for this , users are able to successfully change the
password by connecting to the IPA master server.
So, its only  the ipa clients that have the issue.


Thanks,
Rakesh

On Mon, Jan 12, 2015 at 10:57 PM, Jakub Hrozek <jhrozek at redhat.com> wrote:

> On Mon, Jan 12, 2015 at 04:01:32PM +0530, Rakesh Rajasekharan wrote:
> > under /var/log/secure.. have this error
> > passwd: pam_sss(passwd:chauthtok): Password change failed for user
> > hq-testuser: 22 (Authentication token lock busy)
>
> It looks like the log was trucated, can you post more context?
>
> Authentication token lock busy usually means the kadmin servers were
> offline..
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go To http://freeipa.org for more info on the project
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20150112/35a05019/attachment.htm>

More information about the Freeipa-users mailing list